Reverse Proxy Versus Load Balancer: The Key Differences

Posted on

Load balancers are like reverse proxies on steroids, handling multiple servers and adding myriad features. 

Many, including long-time IT pros, are confused about the differences between a reverse proxy and a load balancer. And there’s a good reason for that. There is quite a bit of overlap between the two and in some cases they mean the same thing. The real difference lies in which vendors use which term. Some products sold as reverse proxies are narrower and less rich in function than those sold as load balancers or application delivery controllers. These narrow function reverse proxies tend to be open source, though some vendors label their load balancers as reverse proxies. 
 

What is a Reverse Proxy?  

The term reverse proxy is normally applied to a service that sits in front of one or more servers (such as a webserver), accepting requests from clients for resources located on the server(s). From the client point of view, the reverse proxy appears to be the web server and so is totally transparent to the remote user. 
 

A load balancer delivers highly available reverse proxy services for a wide range of workloads and enhances service delivery with features such as advanced load balancing, SSL offloading and an integrated web application firewall.

What is a Load Balancer?  

A load balancer can be deployed as software or hardware to a device that distributes connections from clients between a set of servers. A load balancer acts as a ‘reverse-proxy’ to represent the application servers to the client through a virtual IP address (VIP). This technology is known as server load balancing (SLB). SLB is designed for pools of application servers within a single site or local area network (LAN).

What is the Difference Between a Load Balancer and Reverse Proxy? 

A reverse proxy tends to be a simpler approach in which the proxy gets a request from a client, passes it onto a server to be processed and then sends the server’s response to the client making the request.  

Reverse proxies present a layer of abstraction between the client and the server, thus the term proxy. This way a hacker doesn’t directly interact with the server and can’t launch successful attacks such as DDoS.  
 
In contrast, a load balancer takes client requests and distributes them amongst a defined group of servers and, in that process, the server best suited for the request handles the processing and sends the response back to the client. Often this is the server with the least load which can therefore process the request the fastest and not load an already heavily used server. 
 
Some reverse proxies can also route requests to multiple servers, therefore acting as a true load balancer. 
 

Is a Load Balancer Also a Reverse Proxy? 

The short answer is yes. Absolutely yes. A load balancer can be deployed as software or hardware to a device that distributes connections from clients between a set of servers.  
 
A load balancer is a reverse proxy. It presents a virtual IP address (VIP) representing the application to the client. The client connects to the VIP and the load balancer makes a determination through its algorithms to send the connection to a specific application instance on a server. The load balancer continues to manage and monitor the connection for the entire duration. 
 

Can a Load Balancer Act as a Proxy? 

Yes. Load balancers use a proxy, or reverse proxy, as an element of their overall function, but go far beyond what solutions labelled reverse proxies tend to offer.  
 

Do you Need a Reverse Proxy if you Have a Load Balancer? 

Generally, no. A load balancer is a reverse proxy. There may be rare cases where an open-source reverse proxy serves a highly specific need, but these are exceptions rather than the rule. 
  

Which is Better: Reverse Proxy or a Load Balancer?   

Again, the answer really has to do with how products are labelled. Higher end solutions tend to be called either load balancers or application delivery controllers (ADC), and these terms are often interchangeable. Narrow function products often carry the reverse proxy label. 

What Does a Load Balancer Do? 

Application Workloads/Servers 

Load balancers provide availability and scalability to the application. The application can scale beyond the capacity of a single server. The load balancer works to steer the traffic to a pool of available servers through various load balancing algorithms. If more resources are needed, additional servers can be added. 
 

Availability  

Load balancers health check the application on the server to determine its availability. If the health check fails, the load balancer takes that instance of the application out of its pool of available servers. When the application comes back online, the health check validates its availability and the server is put back into the availability pool. 
 

What is a Proxy? 

In computer network terminology a proxy is any system that mediates connections between two systems (usually a client and a server). Often, one entity is in a trusted zone and the other in a less trusted or untrusted zone. The client sends its request to the proxy and the proxy forwards it to the server, the server sends the response to the proxy and the proxy returns it to the client. Nice and simple.

What is a Forward Proxy? 

A forward proxy is a proxy configured to handle requests for a group of clients under the local Administrator’s control to an unknown or arbitrary group of resources that are outside of their control. Usually, the word “forward” is dropped and it is referred to simply as a proxy — this is the case in Microsoft’s topology. A good example is a web proxy appliance which accepts web traffic requests from client machines in the local network and proxies them to servers on the internet. The purpose of a forward proxy is to manage the client systems. 
 

What is a Reverse Proxy? 

The term reverse proxy is a little bit like the term “cloud.” If you ask three people what it is you’ll get four and a half answers! Is it a firewall? A router? A load balancer? If it’s not clear to you, don’t worry, you’re not alone. 
 
The challenge of understanding what reverse proxy actually is often comes from thinking of it as a specific device or product when in fact it is a network function much like switching or routing. With this way of thinking in mind it becomes easier to understand why many different products and devices can perform the role of a reverse proxy. 
 
A reverse proxy is a proxy configured to handle requests from a group of remote or arbitrary clients to a group of known resources under the control of the local Administrator. An example of this is a load balancer (a.k.a. application delivery controller) that provides application high availability and optimization to workloads such as Microsoft Lync, Exchange and SharePoint. The purpose of a reverse proxy is to manage the server systems. 
 
Everything after that are just details specific to the situation and the product but not part of the definition of a reverse proxy. Having the role of reverse proxy is important for delivering a lot of other network services, but it isn’t what defines a reverse proxy. Security devices like web application firewalls act as reverse proxies in order to inspect application traffic for attacks, and load balancers implement reverse proxying in order to optimize and control traffic as well. 
 
 


Posted on

Doug Barney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug has also served as Executive Editor of Network World, Editor in Chief of AmigaWorld and Editor in Chief of Network Computing.